Episode 56: Is Exchange leaking your creds?

If you follow the Microsoft productivity space, you have no doubt seen or heard about the "Autodiscovering the Great Leak" research paper recently published by Amit Serper, a security researcher at Guardicore. The paper details more than five months' research into the Autodiscover service used by Microsoft Exchange. Amit's research was picked up and in many instances misreported by the tech press, which in turn caused a certain degree of panic. We're deeply passionate about Exchange and have been for a very long time, so we thought it would be a good idea to sit down with Amit to talk through his research and better understand his findings. During the episode, Amit talks about the following resources: * https://detectionlab.network * https://autodiscover-vulnerable-tlds.com Amit Serper is a security researcher that spent almost a decade in the Israeli intelligence community where he worked in vulnerability research, exploit development and designed the architectures of uniquely complicated, highly reliable, one-of-a-kind communication systems. During his 9 year tenure in the IDF and Israeli government, he received 4 certificates of excellence and two commendations. During his career he has been on both the red and blue sides, joined an early stage start-up to build EDR products from scratch on various operating systems, conducted low level operating system research, reverse engineered malware, performed countless IR engagements, helped build a global research team and brand, and stopped a few global attacks (NotPetya, BadRabbit, Operation softcell to name a few). Amit is a frequent public speaker at security conferences all over the world and shares his research and knowledge in various blog posts, conferences, and podcasts. You can find Amit on Twitter - https://twitter.com/0xAmit